An improved two-hidden-layer extreme learning machine for malware hunting

Namavar Jahromi, A ORCID: https://orcid.org/0000-0002-9709-5872, Hashemi, S, Dehghantanha, A, Choo, K-KR ORCID: https://orcid.org/0000-0001-9208-5336, Karimipour, H, Newton, DE and Parizi, RM 2020, 'An improved two-hidden-layer extreme learning machine for malware hunting', Computers & Security, 89, p. 101655.

Full text not available from this repository.

Abstract

Detecting unknown malware and their variants remains both an operational challenge and a research challenge. In recent years, there have been attempts to design machine learning techniques to increase the success of existing automated malware detection and analysis. In this paper, we build a modified Two-hidden-layered Extreme Learning Machine (TELM), which uses the dependency of malware sequence elements in addition to having the advantage of avoiding backpropagation when training neural networks. We achieve this goal by using partially connected networks between the input and the first hidden layer. These are then aggregated with a fully connected network in the second layer. Finally, we utilize an ensemble to improve the accuracy and robustness of the system for malware threat hunting. The proposed method speeds up the training and detection steps of malware hunting, in comparison to stacked Long Short Term Memory (LSTM) and Convolutional Neural Network (CNN) models. Specifically, this is achieved by avoiding the backpropagation method and using a simpler architecture. Hence, the complexity of our final method is reduced, which leads to better accuracy, higher Matthews Correlation Coefficients (MCC), and higher Area Under the Curve (AUC) than a standard LSTM, with reduced detection time. Our proposed method is especially useful for malware threat hunting in safety-critical systems, such as electronic health or Internet of Battlefield / Military of Things, since the enormous size of the training data makes it impractical to use complex models (e.g., deep neural networks). In addition, in safety-critical systems, both training and detection speeds, as well as the detection rate, are equally important. Our research results in a powerful network that can be applied across platforms to a range of malware analysis tasks. The proposed approach is tested on Windows, Ransomware, Internet of Things (IoT) and mixed malware sample datasets. For example, our evaluation using an IoT-specific dataset reports an accuracy of 99.65% in detecting IoT malware samples with an AUC of 0.99 and an MCC of 0.992, thus outperforming standard LSTM-based methods for IoT malware detection in all metrics.
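The abstract describes the architecture only in outline: a sparsely (partially) connected random first hidden layer, a fully connected random second hidden layer, no backpropagation (the output weights are obtained in closed form), and an ensemble of such networks. The following is an added illustration of that training scheme written for this page; it is not the authors' code, does not reproduce the paper's experiments, and the sparsity fraction, layer sizes, ridge term and the constructed "API-call frequency" feature vectors are all assumptions made here so that the example runs offline.

```python
# Added illustration of a two-hidden-layer extreme learning machine (ELM):
# random partially connected layer 1, random fully connected layer 2,
# output weights solved by ridge regression (no backpropagation), then a
# majority-vote ensemble. Not the paper's implementation; all hyper-parameters
# and the synthetic data below are assumptions made for this example.
import numpy as np


def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))


class TwoHiddenLayerELM:
    def __init__(self, n_in, h1=64, h2=32, connect_frac=0.3, ridge=1e-2, seed=0):
        rng = np.random.default_rng(seed)
        # Layer 1: each hidden unit sees only a random subset of the inputs
        # (partial connectivity, an assumed 30% of input-to-unit links kept).
        self.W1 = rng.normal(size=(n_in, h1)) * (rng.random((n_in, h1)) < connect_frac)
        self.b1 = rng.normal(size=h1)
        # Layer 2: fully connected, scaled so activations are not saturated.
        self.W2 = rng.normal(size=(h1, h2)) / np.sqrt(h1)
        self.b2 = rng.normal(size=h2)
        self.ridge = ridge
        self.beta = None  # output weights, learned in closed form

    def _hidden(self, X):
        H1 = sigmoid(X @ self.W1 + self.b1)
        return sigmoid(H1 @ self.W2 + self.b2)

    def fit(self, X, y):
        # ELM training: hidden weights stay random; only the output layer is
        # fitted, by solving the ridge-regularised least-squares problem.
        H = self._hidden(X)
        T = np.where(y == 1, 1.0, -1.0)
        A = H.T @ H + self.ridge * np.eye(H.shape[1])
        self.beta = np.linalg.solve(A, H.T @ T)
        return self

    def decision(self, X):
        return self._hidden(X) @ self.beta

    def predict(self, X):
        return (self.decision(X) > 0).astype(int)


class ELMEnsemble:
    """Majority vote over ELMs that differ only in their random hidden layers."""

    def __init__(self, n_in, n_members=5, **kw):
        self.members = [TwoHiddenLayerELM(n_in, seed=s, **kw) for s in range(n_members)]

    def fit(self, X, y):
        for m in self.members:
            m.fit(X, y)
        return self

    def predict(self, X):
        votes = np.stack([m.predict(X) for m in self.members])
        return (votes.mean(axis=0) > 0.5).astype(int)


def make_synthetic(n=300, n_in=16, seed=1):
    # Constructed stand-in for per-sample feature vectors (e.g. normalised
    # API-call or opcode frequencies). Class 1 ("malicious") has elevated
    # counts on the first four features; everything else is noise.
    rng = np.random.default_rng(seed)
    X = rng.random((n, n_in))
    y = rng.integers(0, 2, size=n)
    X[y == 1, :4] += 1.0
    return X, y


def run_demo():
    X, y = make_synthetic()
    Xtr, ytr, Xte, yte = X[:200], y[:200], X[200:], y[200:]
    single = TwoHiddenLayerELM(X.shape[1]).fit(Xtr, ytr)
    ens = ELMEnsemble(X.shape[1]).fit(Xtr, ytr)
    return {
        "single_train_acc": float((single.predict(Xtr) == ytr).mean()),
        "single_test_acc": float((single.predict(Xte) == yte).mean()),
        "ensemble_test_acc": float((ens.predict(Xte) == yte).mean()),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because only `beta` is learned, training is a single linear solve over the hidden activations, which is where the speed advantage over backpropagation-trained LSTM/CNN models comes from; the ensemble adds robustness by averaging out the variance introduced by the random hidden layers.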

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: Computers & Security
Publisher: Elsevier
ISSN: 0167-4048
Depositing User: USIR Admin
Date Deposited: 12 Mar 2020 14:16
Last Modified: 12 Mar 2020 14:16
URI: http://usir.salford.ac.uk/id/eprint/56643